Software Security Era - Past, Present, and Future

Explore the evolution of memory corruption exploitation in software security from 1988 to the present in this conference talk from the Hack In The Box Security Conference. Trace the development of vulnerability classes, exploitation techniques like Return Oriented Programming (ROP) and return-to-libc, and mitigation strategies implemented by different operating systems. Witness demonstrations of real-world vulnerabilities, including a buffer overflow in GNU Sharutils and an integer overflow in Windows Kernel win32k.sys. Gain insights into the ongoing challenges of mitigating memory corruption threats across various products and operating systems. Learn from experienced security professionals Nafiez and Jaan Yeh as they provide a high-level overview of memory corruption and discuss how exploitation techniques have evolved to bypass multi-stage mitigations.